Adobe Photoshop Vulnerable to Out-of-Bounds Read Vulnerability
CVE-2024-20753

7.8HIGH

Key Information:

Vendor: Adobe
Status: Photoshop Desktop
Vendor: CVE Published:; 13 June 2024

Summary

Adobe Photoshop Desktop versions 24.7.3, 25.7, and earlier have a vulnerability that arises from an out-of-bounds read during the processing of a specially crafted file. This flaw may lead to reading beyond the allocated memory boundary, potentially allowing attackers to execute arbitrary code under the privileges of the user running the application. Exploitation requires the victim to open a maliciously constructed file, highlighting the importance of cautious handling of files from untrusted sources.

Affected Version(s)

Photoshop Desktop 0 <= 25.7

References

https://helpx.adobe.com/security/products/photoshop/apsb2...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jun 13, 2024
Vulnerability Reserved
Dec 4, 2023